Conversation
|
|
||
| - name: Set version and tag variables | ||
| env: | ||
| INPUT_VERSION: ${{ github.event.inputs.version }} |
There was a problem hiding this comment.
Det er anbefalt å bruke env i steden for å bruke kommandoer direkte i actions. Dette er for å unngå shell injections:
https://securitylab.github.com/resources/github-actions-untrusted-input/#remediation
There was a problem hiding this comment.
Pull request overview
This PR updates GitHub Actions workflows used for CI, documentation deployment, and NuGet release automation for the Fhi.* packages.
Changes:
- Bumps several GitHub Action versions and enables caching for
actions/setup-dotnet. - Adds explicit
permissionsblocks to workflows and introduces CIconcurrencyconfiguration. - Refactors release workflows’ version/tag env handling and fixes the
prereleaseexpression syntax.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/Fhi.Authorization.Extensions_Release.yml | Updates release workflow actions/permissions, .NET caching, version/tag handling. |
| .github/workflows/Fhi.Authentication.JwtDPoP_Release.yml | Updates release workflow actions/permissions, .NET caching, version/tag handling. |
| .github/workflows/Fhi.Authentication.Extensions_Release.yml | Updates release workflow actions/permissions, .NET caching, version/tag handling. |
| .github/workflows/Documentation.yml | Updates actions and adds permissions for GitHub Pages deployment. |
| .github/workflows/CI.yml | Updates actions, adds permissions/concurrency, and changes CI trigger behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
leknesh
left a comment
leknesh
left a comment
There was a problem hiding this comment.
Se over Copilot-kommentarene angående indentation, den hevder ugyldig YAML, vet ikke om det stemmer?
Hvis OK: LGTM, bra å tette sikkerhetshullet her
resolves #51